Newsgroups: sci.crypt
Path: cantaloupe.srv.cs.cmu.edu!rochester!udel!gatech!paladin.american.edu!europa.eng.gtefsd.com!darwin.sura.net!zaphod.mps.ohio-state.edu!wupost!mont!mizzou1.missouri.edu!C445585
From: C445585@mizzou1.missouri.edu (John Kelsey)
Subject: Re: Implementing a Diffie-Hellman key exchange.
Message-ID: <16BBC1252F.C445585@mizzou1.missouri.edu>
Sender: news@mont.cs.missouri.edu
Nntp-Posting-Host: mizzou1.missouri.edu
Organization: University of Missouri
References:  <C602pB.Fs@consent.uucp>
Date: Mon, 26 Apr 93 20:50:54 CDT
Lines: 18

   You should probably use numbers much larger than 64-bits.  Also, you
may want to include some randomly-generated bitstrings in your protocol.
This way, if someone should find the shared key you and another person
use on one day, they won't be able to guess it for the next day....
 
   Ie A sends G**A mod P and random string R0
      B sends G**B mod P and random string R1
 
      Both find (G**A mod P)** B mod P = Shared Key, then both calculate
 
      Session Key = Hash(R0,Shared Key, R1)
 
   Also, you will want to make sure that you're getting the right public
key value G**A mod P.  Someone with the power to intercept and change messages
can oterwise spoof you by sending both of you *his* public key, and then
acquiring a session key with each of you....
 
   --John
